Password leaks: How much is your reputation worth?

As you know, not a week/month goes by without a major news story about password hacking and online data breach. PF Chang’s, Target, Yahoo, Neiman Marcus, Hershey Medical, CitiBank, eBay, Facebook, Twitter, and others have been in the news for password and online data-breach.

Password leaks are caused when your users (staff, students) hop around from one SaaS portal to another creating new passwords at each site and later inputting those passwords for access. Thus, each user ends up with multiple passwords, each stored by a different SaaS vendor. SaaS vendors specialize in their vertical app domain and not necessarily in secure identity management. It is not entirely clear how passwords are stored by each SaaS vendor and who within their organization (employees, contractors, consultants, vendors, suppliers, agents,…) has access to your users personal data. SaaS vendors may not even have proper management processes in place to manage such sensitive user data. This leads to password leaks and increased risk of stolen identities and user data.

One way to avoid password leaks and related risks is to implement secure federated single sign-on software system within your own enterprise. This prevents proliferation of passwords. Your users now can simply use their single enterprise directory passwords to access all SaaS apps. Passwords always remain in your control in your local enterprise directory never leave your enterprise boundaries. No more creating and storing new passwords at 3rd party SaaS portal sites.

Elastic SSO software can be deployed on-premises for enabling such federated SSO authentication. It integrates with existing enterprise authentication system (such as Active Directory, LDAP, Windows Auth, CAS, SQL) and provides federated SSO to users. Your users now are able to access cloud hosted 3rdp party SaaS apps using one single enterprise directory password. The passwords never leave the enterprise and your users no longer have to store and input their passwords at 3rd party sites. This reduces password leaks and improves security.